openSSH Vulnerability
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Mar 20 14:18:00 GMT 2019
On Mar 20 09:13, Bruce Halco wrote:
> openSSH 7.9 is subject to vulnerability CVE-2019-6111. This has been fixed
> in at least some distributions, Debian at least.
Fedora (which is our role model) doesn't and the vulnerability is not
deemed that critical by the upstream maintainers:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html
Fedora's 7.9p1 has an additional patch for CVE-2018-20685 only.
I was planning to wait for OpenSSH 8.0. It was originally slated
for end of January or at least February, but there's no hint from the
upstream maintainers yet in terms of the (obviously changed) release
planning for 8.0.
I can push a 7.9 with the Fedora patch for CVE-2018-20685 if that
helps.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20190320/41636ef7/attachment.sig>
More information about the Cygwin
mailing list